Beispiel #1
        /// <summary>
        /// Sanitizes an HTML string using the allow-lists of the supplied policy.
        /// </summary>
        /// <remarks>
        /// A new <see cref="HtmlSanitizer"/> is built on every call from the policy's allowed
        /// tags, schemes, attributes, URI attributes and CSS properties. The output is therefore
        /// only as restrictive as <paramref name="policy"/> itself.
        /// </remarks>
        /// <param name="source">HTML to sanitize; must not be null, empty or whitespace.</param>
        /// <param name="policy">Policy supplying the allow-lists, base URL and output formatter.</param>
        /// <returns>The string produced by the underlying sanitizer.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="source"/> is null, empty or whitespace, or <paramref name="policy"/> is null.
        /// </exception>
        public string Sanitize(string source, AntiXssPolicy policy)
        {
            // Blank input is rejected with the same exception type as null input.
            if (string.IsNullOrWhiteSpace(source))
            {
                throw new ArgumentNullException(nameof(source));
            }

            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            // Everything the sanitizer will let through comes from the policy; nothing is hard-coded here.
            var htmlSanitizer = new HtmlSanitizer(
                policy.AllowedTags,
                policy.AllowedSchemes,
                policy.AllowedAttributes,
                policy.UriAttributes,
                policy.AllowedCssProperties);

            string cleaned = htmlSanitizer.Sanitize(source, policy.BaseUrl, policy.OutputFormatter);
            return cleaned;
        }
        /// <summary>
        /// Feeds every setting of an existing policy into this builder.
        /// </summary>
        /// <remarks>
        /// Each allow-list of <paramref name="policy"/> is copied to an array and passed to the
        /// matching <c>With*</c> method, followed by the base URL and the output formatter.
        /// NOTE(review): whether the <c>With*</c> methods replace or extend what the builder
        /// already holds is not visible here. If they extend, combining can only widen the
        /// resulting allow-lists - confirm before relying on the combined policy.
        /// </remarks>
        /// <param name="policy">Policy whose settings are applied to this builder.</param>
        /// <returns>This builder, so that calls can be chained.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="policy"/> is null.</exception>
        private AntiXssPolicyBuilder Combine(AntiXssPolicy policy)
        {
            if (policy == null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            // Allow-lists: each one is snapshotted with ToArray() right before it is applied.
            var tags = policy.AllowedTags.ToArray();
            WithTags(tags);

            var schemes = policy.AllowedSchemes.ToArray();
            WithSchemes(schemes);

            var attributes = policy.AllowedAttributes.ToArray();
            WithAttributes(attributes);

            var uriAttributes = policy.UriAttributes.ToArray();
            WithUriAttributes(uriAttributes);

            var cssProperties = policy.AllowedCssProperties.ToArray();
            WithCssProperties(cssProperties);

            // Scalar settings are passed through as they are.
            WithBaseUrl(policy.BaseUrl);
            WithOutputFormatter(policy.OutputFormatter);

            return this;
        }
Beispiel #3
 /// <summary>
 /// Sanitizes an HTML string through <paramref name="antiXss"/>, with or without an explicit policy.
 /// </summary>
 /// <param name="originHtmlString">HTML to sanitize; passed to the sanitizer unchanged.</param>
 /// <param name="antiXss">Sanitizer instance to call; it is not null-checked here.</param>
 /// <param name="policy">
 /// Optional policy. When null, the single-argument <c>Sanitize</c> overload is used, so the
 /// effective policy is whatever <paramref name="antiXss"/> applies on its own (not visible here).
 /// </param>
 /// <returns>The string returned by the chosen <c>Sanitize</c> overload.</returns>
 private static string Sanitizer(string originHtmlString, AntiXss antiXss, AntiXssPolicy policy = null)
 {
     // No explicit policy: fall back to the sanitizer's own single-argument overload.
     if (policy == null)
     {
         return antiXss.Sanitize(originHtmlString);
     }

     return antiXss.Sanitize(originHtmlString, policy);
 }
 /// <summary>
 /// Creates a new <see cref="AntiXssPolicyBuilder"/> pre-populated from an existing policy.
 /// </summary>
 /// <param name="policy">The policy whose settings are used to initialize the builder.</param>
 /// <remarks>
 /// All work is delegated to <c>Combine</c>, which applies the policy's settings to this instance.
 /// </remarks>
 public AntiXssPolicyBuilder(AntiXssPolicy policy)
 {
     // The returned builder reference is not needed inside the constructor.
     this.Combine(policy);
 }